Access secured storage account using Azure Synapse workspace using SAS token

srigowri 26 Reputation points
2022-12-05T14:20:37.657+00:00

Hi Team,

We are trying to establish a connectivity between Azure Synapse workspace and Storage account using private endpoint.

We have the following steps in place:

  • An Azure Synapse workspace is created with Managed Virtual Network
  • Azure Storage account has Networking configuration such that it allows traffic from specified networks and resource instances.
  • A managed private endpoint for Azure Synapse workspace is approved in Azure Storage Account.

We are now trying to create a Synapse view using SAS token, but running in to issues which reads

Content of directory on path '/folder/sub1=/sub2=/sub3=*/**' cannot be listed.

P.S: If Storage Blob Data Contributor Role for Synapse Workspace associated with the Storage Account and if we use managed identity instead of SAS , then the query runs fine.

We would like to run Azure Synapse queries using SAS token and no Contributor role assigned..Is it possible?
Is it possible to auto approve the managed private endpoint?

References:
https://learn.microsoft.com/en-us/azure/synapse-analytics/sql/develop-storage-files-storage-access-control?tabs=shared-access-signature#tabpanel_1_shared-access-signature
https://learn.microsoft.com/en-us/azure/synapse-analytics/security/connect-to-a-secure-storage-account

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,356 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
461 questions